@powerhousedao/ph-cli 2.5.0-dev.1 → 2.5.0-dev.11

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@powerhousedao/ph-cli",
-    "version": "2.5.0-dev.1",
+    "version": "2.5.0-dev.11",
     "description": "",
     "license": "AGPL-3.0-only",
     "type": "module",

package/dist/scripts/setup-environment

@@ -20,8 +20,8 @@ else
     # =============================================================================
     # Package Installation
     # =============================================================================
-    sudo apt install -y postgresql postgresql-contrib nginx nginx-module-brotli
-    sudo ln -sf /usr/share/nginx/modules-available/mod-brotli.conf /etc/nginx/modules-enabled/50-mod-brotli.conf
+    sudo apt install -y postgresql postgresql-contrib nginx libnginx-mod-http-brotli-static libnginx-mod-http-brotli-filter
+    sudo sed -i 's/# gzip_vary/gzip_vary/; s/# gzip_proxied/gzip_proxied/; s/# gzip_comp_level/gzip_comp_level/; s/# gzip_buffers/gzip_buffers/; s/# gzip_http_version/gzip_http_version/; s/# gzip_types/gzip_types/' /etc/nginx/nginx.conf
 
     # =============================================================================
     # Interactive Package Installation
@@ -113,6 +113,23 @@ EOF
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo "  SSL Configuration"
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+    # Add compression settings to nginx.conf if not exists
+    if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf || ! grep -q "gzip_comp_level" /etc/nginx/nginx.conf; then
+        echo "Adding compression settings to nginx.conf..."
+        # Find the http block in nginx.conf
+        if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf; then
+            sudo sed -i '/http {/a \    # Brotli compression\n    brotli on;\n    brotli_comp_level 6;\n    brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;\n    brotli_static on;' /etc/nginx/nginx.conf
+        fi
+        if ! grep -q "gzip_comp_level" /etc/nginx/nginx.conf; then
+            sudo sed -i '/http {/a \    # Gzip compression\n    gzip on;\n    gzip_vary on;\n    gzip_proxied any;\n    gzip_comp_level 6;\n    gzip_buffers 16 8k;\n    gzip_http_version 1.1;\n    gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;' /etc/nginx/nginx.conf
+        fi
+    else
+        echo "Compression settings already present in nginx.conf"
+    fi
+
+    
+
     echo "Choose SSL configuration:"
     echo "1) Let's Encrypt certificates for domains"
     echo "2) Self-signed certificate for machine hostname"
@@ -130,132 +147,58 @@ EOF
         echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
         read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
         read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
+        read -p "Enter admin email for Let's Encrypt notifications: " admin_email
 
         echo "Using domains:"
         echo "Connect: $connect_domain"
         echo "Switchboard: $switchboard_domain"
 
-        # Generate temporary SSL certificates
-        echo "Generating temporary SSL certificates..."
-        sudo mkdir -p /etc/nginx/ssl
-        sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
-            -keyout /etc/nginx/ssl/temp.key \
-            -out /etc/nginx/ssl/temp.crt \
-            -subj "/CN=$connect_domain" \
-            -addext "subjectAltName = DNS:$connect_domain,DNS:$switchboard_domain"
-
-        # Check if Nginx configuration already exists
-        if [ -f "/etc/nginx/sites-available/$PROJECT_NAME" ]; then
-            echo "Nginx configuration for $PROJECT_NAME already exists"
-            read -p "Do you want to overwrite it? (y/n): " overwrite_nginx
-            if [ "$overwrite_nginx" != "y" ]; then
-                echo "Keeping existing Nginx configuration"
-            else
-                # Create Nginx configuration for domains
-                echo "Creating Nginx configuration..."
-                sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-
-# Compression settings
-brotli on;
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
-
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_comp_level 6;
-gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-gzip_min_length 1000;
-gzip_buffers 16 8k;
-
+        # Create initial Nginx configuration for certbot
+        echo "Creating initial Nginx configuration..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
-    return 301 https://\$host\$request_uri;
-}
-
-server {
-    listen 443 ssl http2;
-    server_name $connect_domain;
-    
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    if (\$http_x_forwarded_proto = "http") {
-        return 301 https://\$server_name\$request_uri;
-    }
     
     location / {
-        root $PWD/.ph/connect-build/dist;
+        root /var/www/html/$PROJECT_NAME;
         try_files \$uri \$uri/ /index.html;
-        add_header Cache-Control "no-cache";
-        add_header X-Forwarded-Proto \$scheme;
-        add_header X-Forwarded-Host \$host;
-        add_header X-Forwarded-Port \$server_port;
     }
-}
 
-server {
-    listen 443 ssl http2;
-    server_name $switchboard_domain;
-    
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    
-    location / {
-        proxy_pass http://localhost:4001;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
-        proxy_cache_bypass \$http_upgrade;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
     }
 }
 EOF
-            fi
-        else
-            # Create Nginx configuration for domains
-            echo "Creating Nginx configuration..."
-            sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-
-# Compression settings
-brotli on;
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
-
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_comp_level 6;
-gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-gzip_min_length 1000;
-gzip_buffers 16 8k;
 
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+
+        # Test Nginx configuration
+        sudo nginx -t
+
+        # Restart Nginx to apply changes
+        sudo systemctl restart nginx
+
+        # Obtain SSL certificates
+        echo "Obtaining SSL certificates..."
+        sudo certbot --nginx -d $connect_domain --non-interactive --agree-tos --email $admin_email --redirect
+        sudo certbot --nginx -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
+
+        # Wait for certbot to finish and certificates to be installed
+        sleep 5
+
+        # Check if certificates were installed
+        if [ ! -f "/etc/letsencrypt/live/$connect_domain/fullchain.pem" ] || [ ! -f "/etc/letsencrypt/live/$switchboard_domain/fullchain.pem" ]; then
+            echo "Error: SSL certificates were not installed properly"
+            echo "Please check the certbot logs at /var/log/letsencrypt/letsencrypt.log"
+            exit 1
+        fi
+
+        # Update Nginx configuration with proper SSL settings
+        echo "Updating Nginx configuration with SSL settings..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
@@ -263,11 +206,12 @@ server {
 }
 
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $connect_domain;
     
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    ssl_certificate /etc/letsencrypt/live/$connect_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$connect_domain/privkey.pem;
     
     # SSL configuration
     ssl_protocols TLSv1.2 TLSv1.3;
@@ -278,6 +222,14 @@ server {
     ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
 
     if (\$http_x_forwarded_proto = "http") {
         return 301 https://\$server_name\$request_uri;
@@ -291,14 +243,37 @@ server {
         add_header X-Forwarded-Host \$host;
         add_header X-Forwarded-Port \$server_port;
     }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
 }
 
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $switchboard_domain;
     
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    ssl_certificate /etc/letsencrypt/live/$switchboard_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$switchboard_domain/privkey.pem;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
     
     location / {
         proxy_pass http://localhost:4001;
@@ -311,23 +286,20 @@ server {
         proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto \$scheme;
     }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
 }
 EOF
-        fi
 
-        # Enable the site
-        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
-        sudo rm -f /etc/nginx/sites-enabled/default
+        # Test and reload Nginx configuration
+        sudo nginx -t && sudo systemctl reload nginx
 
-        # Test Nginx configuration
-        sudo nginx -t
-
-        # Obtain SSL certificates
-        echo "Obtaining SSL certificates..."
-        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email admin@$connect_domain
-
-        # Remove temporary certificates
-        sudo rm -f /etc/nginx/ssl/temp.*
+        # Set up automatic renewal
+        echo "Setting up automatic certificate renewal..."
+        sudo systemctl enable certbot.timer
+        sudo systemctl start certbot.timer
 
     else
         # Get machine hostname
@@ -344,26 +316,6 @@ EOF
         # Create Nginx configuration for self-signed
         echo "Creating Nginx configuration..."
         sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-
-# Compression settings
-brotli on;
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
-
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_comp_level 6;
-gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-gzip_min_length 1000;
-gzip_buffers 16 8k;
-
 server {
     listen 80;
     server_name $hostname;
@@ -371,7 +323,8 @@ server {
 }
 
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $hostname;
     
     ssl_certificate /etc/ssl/certs/$hostname.crt;

package/dist/src/version.d.ts

@@ -1,2 +1,2 @@
-export declare const version = "2.5.0-dev.1";
+export declare const version = "2.5.0-dev.11";
 //# sourceMappingURL=version.d.ts.map

package/dist/src/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,OAAO,gBAAgB,CAAC"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,OAAO,iBAAiB,CAAC"}

package/dist/src/version.js

@@ -1,3 +1,3 @@
 // This file is auto-generated. DO NOT EDIT.
-export const version = "2.5.0-dev.1";
+export const version = "2.5.0-dev.11";
 //# sourceMappingURL=version.js.map

package/dist/src/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,MAAM,CAAC,MAAM,OAAO,GAAG,aAAa,CAAC"}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC"}